Lockdown

Hello,

I saw lockdown awhile back and figured I would give it a shot. I really like the way it handles permissions and access in one place, init.rb. It has been a little finicky getting set up, but I finally got somethings mostly working, so I figured I would try and send it to production.

But for some reason production is totally wide open. Nothing is locked down, like it is in development.

I don't even know the first place to start to look to check on this. This is what my init.rb looks like

set_permission :sessions_management, all_methods(:sessions)

set_permission :users_management, only_methods(:users, :new, :create)

set_permission :stories_management, only_methods(:stories, :index)

set_public_access :sessions_management, :stories_management, :users_management

I am under the impression that everything is locked down by default, and I just add these controller/actions to be public correct? I only want the stories index to be public, but the stories/show i want you to have to be logged in to see. I have no user groups, I just need a simple login for authentication.

Like I said, It works just about perfectly (minus link_to root_url gets intercepted if not logged in) but in development mode, none of it works.

BTW, I deploy using passenger, but even when i tried running it with mongrel on port 300 in production, it didnt work either.

Thanks for any help!